CVE-2021-43071

Name of the Vulnerable Software and Affected Versions FortiWeb versions 6.4.1 through 6.4.0 FortiWeb versions 6.3.15 and earlier FortiWeb versions 6.2.6 and earlier

Description A heap-based buffer overflow in FortiWeb allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the "LogReport API controller". This issue is related to a buffer overflow in memory, which can be exploited by a remote attacker using a specially crafted HTTP request.

Recommendations For FortiWeb versions 6.4.1 and 6.4.0, update to a version that fixes the heap-based buffer overflow issue. For FortiWeb versions 6.3.15 and earlier, update to a version that fixes the heap-based buffer overflow issue. For FortiWeb versions 6.2.6 and earlier, update to a version that fixes the heap-based buffer overflow issue. As a temporary workaround, consider restricting access to the LogReport API controller until a patch is available.